From 7d2b400876c016a81cb2ba73585dc6c335eea6f6 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov
Date: Wed, 26 Jul 2017 13:22:44 +0000
Subject: [PATCH] Users: Use `esc_url()` instead of `esc_attr()` to escape the value of the `srcset` attribute in `get_avatar()`. Props joemcgill, henry.wright. Fixes #41215. Built from https://develop.svn.wordpress.org/trunk@41156 git-svn-id: http://core.svn.wordpress.org/trunk@40996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 2 +-
 wp-includes/version.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index b8bed355fc..4a4776b264 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -2535,7 +2535,7 @@ function get_avatar( $id_or_email, $size = 96, $default = '', $alt = '', $args =
 "%s",
 esc_attr( $args['alt'] ),
 esc_url( $url ),
- esc_attr( "$url2x 2x" ),
+ esc_url( $url2x ) . ' 2x',
 esc_attr( join( ' ', $class ) ),
 (int) $args['height'],
 (int) $args['width'],
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 117e80601f..4b74c79896 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.9-alpha-41154';
+$wp_version = '4.9-alpha-41156';
 
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
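Review bot: In the `get_avatar()` hunk, `esc_url()` returns an empty string when it rejects a URL (for instance one whose scheme is not in the allowed protocol list), so the new `esc_url( $url2x ) . ' 2x'` argument can produce a `srcset` value of just ` 2x`, a descriptor with no URL in front of it. `$url2x` presumably comes from avatar data that plugins can filter, so it is worth escaping it once before the `sprintf()` call and passing `$src2x ? $src2x . ' 2x' : ''` instead, so a rejected URL yields an empty `srcset` rather than a malformed candidate. A short comment on that line, such as `// The ' 2x' descriptor is a fixed literal and is appended after escaping, so esc_url() only ever sees the URL.`, would record why the concatenation sits outside the escaping call. The `sprintf()` call and the rest of the function start and end outside the hunk, so how `$url2x` is built is not visible here.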